GitHub Repository: rapid7/metasploit-framework
Path: blob/master/plugins/sqlmap.rb
require 'sqlmap/sqlmap_session'
require 'sqlmap/sqlmap_manager'
require 'json'
require 'uri'
module Msf
class Plugin::Sqlmap < Msf::Plugin
class SqlmapCommandDispatcher
include Msf::Ui::Console::CommandDispatcher
# Display name of this command dispatcher.
#
# @return [String] always 'Sqlmap'
def name
  'Sqlmap'
end
# Console commands provided by this dispatcher.
#
# Each key has a matching cmd_<key> method in this class; each value is the
# help text shown for that command.
#
# @return [Hash{String => String}] command name => help text
def commands
  {
    'sqlmap_new_task'   => 'Create a new task',
    'sqlmap_connect'    => 'sqlmap_connect <host> [<port>]',
    'sqlmap_list_tasks' => 'List the knows tasks. New tasks are not stored in DB, so lives as long as the console does',
    'sqlmap_get_option' => 'Get an option for a task',
    'sqlmap_set_option' => 'Set an option for a task',
    'sqlmap_start_task' => 'Start the task',
    'sqlmap_get_status' => 'Get the status of a task',
    'sqlmap_get_log'    => 'Get the running log of a task',
    'sqlmap_get_data'   => 'Get the resulting data of the task',
    'sqlmap_save_data'  => 'Save the resulting data as web_vulns'
  }
end
# Records which API server later commands should talk to.
#
# Only builds the session and manager objects and stores them on the
# dispatcher; nothing in this method contacts the server.
#
# @param args [Array<String>] host, optionally followed by a port
#   (the port defaults to '8775' when omitted)
# @return [void]
def cmd_sqlmap_connect(*args)
  if args.empty?
    print_error('Need a host, and optionally a port')
    return
  end

  @host, @port = args
  @port ||= '8775'

  session = Sqlmap::Session.new(@host, @port)
  @manager = Sqlmap::Manager.new(session)
  print_good("Set connection settings for host #{@host} on port #{@port}")
end
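# Sets a single option on an existing task.
#
# A value made up only of digits is sent to the manager as an Integer; any
# other value is sent as the String that was typed.
#
# @param args [Array<String>] exactly three items: the console task id,
#   the option name and the option value
# @return [void]
def cmd_sqlmap_set_option(*args)
  unless args.length == 3
    print_error('Usage:')
    # Double-quoted so \t is a real tab; in single quotes it printed as a
    # literal backslash followed by "t".
    print_error("\tsqlmap_set_option <taskid> <option_name> <option_value>")
    return
  end

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  hid, option_name, raw_value = args

  # The id map is created lazily by other commands and may not exist yet.
  @hid_tasks ||= {}
  task_id = @hid_tasks[hid]
  unless task_id
    # Without this guard a nil task id would be handed to the manager.
    print_error("Unknown task id: #{hid}")
    return
  end

  # \A and \z anchor the whole string; ^ and $ only anchor a single line, so
  # a multi-line value with one numeric line would have been coerced.
  value = raw_value.match?(/\A\d+\z/) ? raw_value.to_i : raw_value

  res = @manager.set_option(task_id, option_name, value)
  print_status("Success: #{res['success']}")
end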
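# Starts a task, optionally overriding its URL for this run.
#
# @param args [Array<String>] the console task id, optionally followed by
#   a URL (the URL is only used when exactly two arguments are given)
# @return [void]
def cmd_sqlmap_start_task(*args)
  if args.empty?
    print_error('Usage:')
    # Double-quoted so \t is a real tab; in single quotes it printed as a
    # literal backslash followed by "t".
    print_error("\tsqlmap_start_task <taskid> [<url>]")
    return
  end

  # Checked before any task state is read: previously the cached options
  # were dereferenced first, which raised NoMethodError when no task had
  # been created or cached yet.
  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  @hid_tasks ||= {}
  @tasks ||= {}

  hid = args.first
  task_id = @hid_tasks[hid]
  unless task_id
    print_error("Unknown task id: #{hid}")
    return
  end

  options = {}
  options['url'] = args[1] if args.length == 2

  # Options are only cached after another command fetched them, so the
  # cache entry may be missing; in that case the empty-URL check is skipped.
  cached = @tasks[task_id]
  if !options['url'] && cached && cached['url'] == ''
    print_error('You need to specify a URL either as an argument to sqlmap_start_task or sqlmap_set_option')
    return
  end

  res = @manager.start_task(task_id, options)
  print_status("Started task: #{res['success']}")
end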
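# Prints the log messages the manager returns for a task.
#
# @param args [Array<String>] exactly one item: the console task id
# @return [void]
def cmd_sqlmap_get_log(*args)
  unless args.length == 1
    print_error('Usage:')
    # Double-quoted so \t is a real tab; in single quotes it printed as a
    # literal backslash followed by "t".
    print_error("\tsqlmap_get_log <taskid>")
    return
  end

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  # The id map is created lazily by other commands and may not exist yet.
  @hid_tasks ||= {}
  task_id = @hid_tasks[args.first]
  unless task_id
    print_error("Unknown task id: #{args.first}")
    return
  end

  res = @manager.get_task_log(task_id)

  # The response is produced by the remote API; tolerate a missing 'log'
  # key instead of raising NoMethodError on nil.
  (res['log'] || []).each do |message|
    print_status("[#{message['time']}] #{message['level']}: #{message['message']}")
  end
end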
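# Prints the status the manager reports for a task.
#
# @param args [Array<String>] exactly one item: the console task id
# @return [void]
def cmd_sqlmap_get_status(*args)
  unless args.length == 1
    print_error('Usage:')
    # Double-quoted so \t is a real tab; in single quotes it printed as a
    # literal backslash followed by "t".
    print_error("\tsqlmap_get_status <taskid>")
    return
  end

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  # The id map is created lazily by other commands and may not exist yet.
  @hid_tasks ||= {}
  task_id = @hid_tasks[args.first]
  unless task_id
    # Without this guard a nil task id would be handed to the manager.
    print_error("Unknown task id: #{args.first}")
    return
  end

  res = @manager.get_task_status(task_id)

  print_status("Status: #{res['status']}")
end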
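# Prints a Title/Payload table built from the data returned for a task.
#
# Also refreshes the cached options for the task and prints its URL.
#
# @param args [Array<String>] exactly one item: the console task id
# @return [void]
def cmd_sqlmap_get_data(*args)
  unless args.length == 1
    print_error('Usage:')
    # Double-quoted so \t is a real tab; in single quotes it printed as a
    # literal backslash followed by "t".
    print_error("\tsqlmap_get_data <taskid>")
    return
  end

  @hid_tasks ||= {}
  @tasks ||= {}

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  task_id = @hid_tasks[args.first]
  unless task_id
    # Without this guard a nil task id would be handed to the manager.
    print_error("Unknown task id: #{args.first}")
    return
  end

  options_res = @manager.get_options(task_id)
  task_options = options_res && options_res['options']
  @tasks[task_id] = task_options

  print_line
  print_status("URL: #{task_options && task_options['url']}")

  res = @manager.get_task_data(task_id)

  tbl = Rex::Text::Table.new(
    'Columns' => ['Title', 'Payload']
  )

  # The response is produced by the remote API. Entries that do not have the
  # nested shape this loop reads (array of hashes, each with a 'data' hash)
  # are skipped rather than allowed to raise halfway through the listing.
  (res['data'] || []).each do |entry|
    next unless entry['value'].is_a?(Array)

    entry['value'].each do |finding|
      next unless finding.is_a?(Hash) && finding['data'].respond_to?(:each_value)

      finding['data'].each_value do |detail|
        # Only the part of the title before the first '-' is shown.
        title = detail['title'].to_s.split('-').first
        tbl << [title, detail['payload']]
      end
    end
  end

  print_line
  print_line tbl.to_s
  print_line
end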
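# Stores the findings returned for a task in the framework database, one
# report_web_vuln call per finding.
#
# @param args [Array<String>] exactly one item: the console task id
# @return [void]
def cmd_sqlmap_save_data(*args)
  unless args.length == 1
    print_error('Usage:')
    # Double-quoted so \t is a real tab; in single quotes it printed as a
    # literal backslash followed by "t".
    print_error("\tsqlmap_save_data <taskid>")
    return
  end

  unless framework.db && framework.db.usable
    print_error('No database is connected or usable')
    return
  end

  @hid_tasks ||= {}
  @tasks ||= {}

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  task_id = @hid_tasks[args.first]
  unless task_id
    # Without this guard a nil task id would be handed to the manager.
    print_error("Unknown task id: #{args.first}")
    return
  end

  options_res = @manager.get_options(task_id)
  task_options = options_res && options_res['options']
  @tasks[task_id] = task_options
  url = task_options && task_options['url']

  print_line
  print_status("URL: #{url}")

  # Parse with the standard library instead of splitting on ':' and '/'.
  # The hand-rolled version defaulted the port to 80 even for https, kept an
  # explicit port as a String, left the query string inside :path and stored
  # a match index (or nil) in :ssl.
  uri = begin
    URI.parse(url.to_s)
  rescue URI::InvalidURIError
    nil
  end

  # URI::HTTPS is a subclass of URI::HTTP, so this accepts both schemes.
  unless uri.is_a?(URI::HTTP) && uri.hostname
    print_error('Cannot save data: the task URL is not a valid http(s) URL')
    return
  end

  res = @manager.get_task_data(task_id)
  description = res.to_json

  site_info = {
    web_site: url,
    path: uri.path.empty? ? '/' : uri.path,
    query: uri.query,
    host: uri.hostname,
    port: uri.port,
    ssl: uri.is_a?(URI::HTTPS),
    category: 'imported from sqlmap'
  }

  # The response is produced by the remote API. Entries that do not have the
  # nested shape this loop reads are skipped so that malformed data is not
  # written to the database and does not abort the import halfway.
  (res['data'] || []).each do |entry|
    next unless entry['value'].is_a?(Array)

    entry['value'].each do |finding|
      next unless finding.is_a?(Hash) && finding['data'].respond_to?(:each_value)

      finding_info = site_info.merge(
        pname: finding['parameter'],
        method: finding['place'],
        payload: finding['suffix']
      )

      finding['data'].each_value do |detail|
        # A fresh hash per call: the same hash used to be reused and mutated
        # for every report, so a callee that modified it would have affected
        # every later report.
        framework.db.report_web_vuln(
          finding_info.merge(
            name: detail['title'],
            description: description,
            proof: detail['payload']
          )
        )
      end
    end
  end

  print_good('Saved vulnerabilities to database.')
end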
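# Prints the current value of one option of a task.
#
# Also refreshes the cached options for the task.
#
# @param args [Array<String>] exactly two items: the console task id and
#   the option name
# @return [void]
def cmd_sqlmap_get_option(*args)
  @hid_tasks ||= {}
  @tasks ||= {}

  unless args.length == 2
    print_error('Usage:')
    # Double-quoted so \t is a real tab; in single quotes it printed as a
    # literal backslash followed by "t".
    print_error("\tsqlmap_get_option <taskid> <option_name>")
    # This return was missing, so the command kept going after printing the
    # usage text and queried the manager with incomplete arguments.
    return
  end

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  hid, option_name = args
  task_id = @hid_tasks[hid]
  unless task_id
    print_error("Unknown task id: #{hid}")
    return
  end

  task_options = @manager.get_options(task_id)
  options = task_options && task_options['options']
  @tasks[task_id] = options

  # The error used to interpolate the task id under the label "Option" and
  # was only reached when no options came back at all; it now names the
  # option that was asked for and also covers an option that is not present.
  if options&.key?(option_name)
    print_good("#{option_name} : #{options[option_name]}")
  else
    print_error("Option #{option_name} doesn't exist")
  end
end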
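# Creates a task through the manager and registers it under the next short
# console id ("1", "2", ...), which the other commands take as <taskid>.
#
# @return [void]
def cmd_sqlmap_new_task
  @hid_tasks ||= {}
  @tasks ||= {}

  unless @manager
    print_error('Please run sqlmap_connect <host> first.')
    return
  end

  response = @manager.new_task
  remote_id = response && response['taskid']
  unless remote_id
    print_error("Error connecting to the server. Please make sure the sqlmapapi server is running at #{@host}:#{@port}")
    return
  end

  t_id = remote_id.to_s
  hid = (@hid_tasks.length + 1).to_s
  @hid_tasks[hid] = t_id

  task_options = @manager.get_options(t_id)

  # Cache under the remote task id. The previous lookup indexed @hid_tasks
  # with an Integer while its keys are Strings, so it returned nil and the
  # options were stored under a nil key where no other command reads them.
  @tasks[t_id] = task_options && task_options['options']

  print_good("Created task: #{hid}")
end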
# Prints the short console id of every task known to this dispatcher.
#
# @return [void]
def cmd_sqlmap_list_tasks
  @hid_tasks ||= {}
  @tasks ||= {}

  @hid_tasks.each_key { |hid| print_good("Task ID: #{hid}") }
end
end
# Registers the console dispatcher and announces that the plugin loaded.
#
# Both arguments are passed to the superclass unchanged by the bare `super`.
#
# @param framework the framework instance handed to the plugin
# @param opts the plugin options handed to the plugin
def initialize(framework, opts)
  super

  add_console_dispatcher(SqlmapCommandDispatcher)
  print_status('Sqlmap plugin loaded')
end
# Removes the console dispatcher that was registered in #initialize.
#
# @return [void]
def cleanup
  remove_console_dispatcher('Sqlmap')
end
# Name of the plugin.
#
# @return [String] always 'Sqlmap'
def name
  'Sqlmap'
end
# One-line description of the plugin.
#
# @return [String]
def desc
  'sqlmap plugin for Metasploit'
end
end
end